PS: Oh, before I forget, the hacker-kid who told me how to use this new algorithm, said it was very important I used the command option -md sha256 when decrypting. Why? Who knows? He said something about living on the bleeding-edge...
PPS: flag2{054738a5066ff56e0a4fc9eda6418478d23d3a7f}

Ok so bobby here seems to want me to decrypt the csv file…. jeez decryption is not my cup of tea… so wikipedia tells me that the alg on october 2000 was aes-256-cbc. I tried to decrypt with the flag as passphrase but suuuuure it didint work. I sa on the message ROCKYOU in MAJ so i will use the rockyou.txt password list. I need to try them all…

George Costanza: [Soup Nazi gives him a look] Medium turkey chili.
[instantly moves to the cashier]
Jerry Seinfeld: Medium crab bisque.
George Costanza: [looks in his bag and notices no bread in it] I didn't get any bread.
Jerry Seinfeld: Just forget it. Let it go.
George Costanza: Um, excuse me, I - I think you forgot my bread.
Soup Nazi: Bread, $2 extra.
George Costanza: $2? But everyone in front of me got free bread.
Soup Nazi: You want bread?
George Costanza: Yes, please.
Soup Nazi: $3!
George Costanza: What?
Soup Nazi: NO FLAG FOR YOU

Ok so next i will go and challenge the other website at c2444910794e037ebd8aaf257178c90b.

I thinked i would be able to just redirect the reader to an url for a web_delivery, but it was not so easy. We need a key to do that.
After i tried to use LFI to get a php shell up and running but even if it is directly on the ressource i received an auth key demand. (HERE)
So i readed more about LFI and found that i can obtain a base64 version of the php pages that i want with this script. thanks phil at idontplaydart.

?p=php://filter/convert.base64-encode/resource=xxxxxx.php

First of all i think its not healty to be that obsessed with base64 @vortexau!

Ok so here it is pretty straight foward. We need a 47 caracter key, in the flag.php it said we need this flag who it 47 car.
So i will build a special web_delivery for metasploit and we will surely get shell.
webdeliveryez.php

www-data@skuzzy:/tmp$ /opt/alicebackup
/opt/alicebackup
# whoami
whoami
root
# cd /root
cd /root
# ls
ls
flag.txt
# cat flag.txt
cat flag.txt
Congratulations!
flag5{42273509a79da5bf49f9d40a10c512dd96d89f6a}
You've found the final flag and pwned this CTF VM!
I really hope this was an enjoyable challenge, and that my trolling and messing with you didn't upset you too much! I had a blast making this VM, so it won't be my last!
I'd love to hear your thoughts on this one.
Too easy?
Too hard?
Too much stuff to install to get the iSCSI initiator working?
Drop me a line on twitter @vortexau, or via email vortex@juicedigital.net